1) Field of the Invention
The present invention relates to an information processing terminal and an information security and protection method therefor, and in particular to an information processing terminal and an information security and protection method therefor preferably used for settlement of registered merchandise to be purchased.
2) Description of the Related Art
In recent years, there have been developed transaction systems which perform ordering process for merchandises and settlement processing by credit card or the like using a portable terminal such as a hand-held terminal, a personal digital assistant (PDA), or the like. Attention has been focused on a transaction form using such a portable terminal because of its convenience, and it is extremely important how to secure and protect information about users particularly associated with settlement processing or the like, that is, how to ensure countermeasures of preventing the leakage of secret information about users.
Usually, when such information about a user is inputted, there is carried out authentication of the user through input of an identification number so as to prevent any fraudulent settlement processing or the like based on impersonation. It is therefore important to prevent a user's own identification number from being known by other persons, and hitherto various techniques for securing and protecting a user's own identification number have been developed.
For example, in a terminal having environment in which an application runs on a general-purpose operating system (OS), there is the possibility that a fraudulent application by impersonator, wherein an identification number is entered, may be easily created and operated, so that there is to be taken into account the potential of the leaking of the identification number through such fraudulent application by impersonator. To cope with such problem, a preventive countermeasure has been taken, by using a non-disclosed special OS which runs only when handling an identification number, to eliminate the possibility of creating and operating a fraudulent application by impersonator as described above so as to prevent any leakage of an identification number.
Furthermore, since a keyboard for entering identification numbers is ordinarily used also for another purpose, identification numbers and data for another purpose are both entered through a common keyboard driver. Thus, key codes of identification numbers converted by the common keyboard driver may leak to other applications through the OS. To cope with this problem, a preventive countermeasure has been taken to prevent any leakage of identification numbers in such a way as to separately provide another keyboard exclusively used to enter identification numbers.
From among technologies related to the present invention there is described a technology in patent literature 1 shown below. In this technology described in this patent literature 1, an identification number is inputted through a mobile telephone, and a settlement terminal makes a transmission and reception to/from a portable terminal to analyze the identification number, so that a dedicated pin pad which is paired with a settlement terminal is not required and leakage of the identification number through a reader capable of being mounted on the pin pad can be prevented accordingly.
[Patent Literature 1] Japanese Patent Laid-Open Publication No.2003-157239
However, such conventional technologies for preventing leakage of an identification number pose problems as shown hereafter.
First, in the case where there is used a non-disclosed special OS which runs only when handling an identification number, persons capable of developing application programs handling identification numbers are limited to persons understanding the non-disclosed special OS, and thus environments and human resources for developing application programs are limited.
In the case where a keyboard used only for entering identification numbers is provided separately, the scale of the device increases, and yet its convenience as a portable terminal decreases.
Also in the technology described in the above patent literature 1, an identification number entered from a mobile telephone may leak out through a fraudulent application by impersonator built in the mobile telephone itself, and therefore if a special OS is used to prevent this fraudulent application by impersonator, environments and human resources for developing application programs are limited as is the case with the above mentioned.